How to Install OpenSSH 8.0 Server from Source in Linux

OpenSSH is a free and open source, full implementation of the SSH protocol 2.0. It provides a number of tools for securely accessing and managing remote computer systems, and managing authentications keys, such as ssh (a secure replacement for telnet), scp, sftp (secure replacement for ftp), ssh-keygen, ssh-copy-id, ssh-add, and more.

Recently OpenSSH 8.0 was released and ships in with many new features and bug fixes; you can read the release notes for more information.

In this article, we will explain how to install and configure the latest version of OpenSSH 8.0 server and client on a Linux system from sources. We assume that you have an existing installation of OpenSSH suite.

Requirements:

A Debian/Ubuntu or RHEL/CentOS Linux system

C compiler

Zlib 1.1.4 or 1.2.1.2 or greater

LibreSSL or OpenSSL >= 1.0.1 < 1.1.0

Install OpenSSH Server and Client in Linux

Before installing latest version of SSH, make sure to check the current version of SSH installed on your system using the following command.

$ ssh -V
OpenSSH_7.7p2 Ubuntu-4ubuntu2.5, OpenSSL 1.0.2g 1 Mar 2016

From the above result, the installed OpenSSH version is 7.7, to install latest OpenSSH version, first you need to install few dependencies, i.e development tools or build essentials and the other required packages, as follows.

Now we will build and install OpenSSH server using the --with-md5-passwords, --with-privsep-path and --sysconfdir options, which will install all the files in /usr/local/ (this is the default installation PREFIX).

You can see all available options by running ./configure -h and customize your installation further.

$ ./configure -h

For instance, to enable PAM and SELinux support, add the --with-pam and --with-selinux options, respectively, you need to install all the necessary header files for them to work.

That’s it! In this article, we’ve explained how to install and configure the latest version of OpenSSH server and client on a Linux system. If you have any questions or comments, use the feedback form below to reach us.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

20 Responses

One Caveat is to install the “build-essential” Pkg not with an S on the end that will mess you up: I’m going to fire my own script I wrote to speed up the Process: This does work for me.

Although I have seen openssl go in and not go in correctly. So try this its basic – some work will be required by your part to set your Compile directories for openssh-8 for your “untar’d location after download”.

This has all Adrians Steps and few addons prior for GCC 7 and 8 files which I found after these – all worked. Simply an attempt to share and help those to help themselves.
#-------------------------------
#!/bin/bash
#
# my configure script to install zlib-1.2.11 openssl-1.1.1a and openssh-8.0p1 Latest - all if pkgs are in
# myDwn/newSoft/ as untarred directory contents ready to compile: This script will do it all
# This script will perform all to install all 3 main system components for ssh support
# Checks-Performed-Operated:
# 1-rootUser only
# 2-Pre-Liminary Setup name/dir/groups/perms - build-essential for compile
# 3-Zlib
# 4-openssl
# 5-openssh w/checks inbetween per Completed response $?=0 if done wez all-In
#
# Note: Take as learning experience: no accountability for what you may do with this script
# tdk = Tap the AnyKey = Just tap the Enter Key on your keyboard
#---------------------------------------------------------------------------------------------------------

PreLym
#---------------------------------------------------------------------------------------------------------
# this shud help automagic the process - the read junks provide interactive step procedure -
# having a Check last cmd exit status is a bonus to just watching it all happen after execution.

my Only hopes this does help people with this process. Keep trying reading digging answers are always available – sharing is much more fun when it does help .. So this is only my hope.. Enjoy learn and pass on..

I followed your guide, and when I type command ssh -V it is showing 8.0, but when I type ssh -v localhost it is showing the following:
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002

Could you please give me some hint of where I did wrong or where should I do extra to update the registry information on the machine? Or is it because we compiled the update rather than using system package manager so that there is ssh still missing update?

Although if you compile and install 7.9 successfully, this will not replace the existing sshd bin file (you can check with ssh -v localhost) , don’t know what’s the reason, but i had to rsync the compiled bin file to the existing sshd.

one other caveat on linux there appears to be no prngd generator there is no info as to using replacement on Linux when working this type of additional number and cipher picks. Nice to see many methods and info towards this. It is hard finding a syntax example that works correctly.

This method does work great Now testing 2nd fresh install on Mint 19.1 Mate. A pre-install of latest tarball zlib and openssl-1-1-1a, plain out tar .configure then follow these steps – worked 2nd time assembling the steps into a script (I can fire it up if wish) to stream Line this openssh-7.9p1 update. (PRNGD or EGD be nice for Linux).

I’m simply brain crammed as to why distro crews do not keep zlib openssl and openssh always to their latest. This represents our security and integrity using these OS distros and saying its a Debian stable etc is just plain weak for older levels.

Other just as cool distros keep their Updates ie: Latest for the important integrity of their works. Please get the message. Just a few more pkg adjustments and you can keep us all more happy users with your work. Cheers

I did manage to compile openssh-7.9p1 along with openssl and zlib. also without SElinux option or –sysconfdir=/etc/ssh – that didn’t seen to matter for the compile step – most likely I’m missing parts for correct compiling tools and library resource be my only thought to still seeing misses on the final ending.

Work in progress – resorting to a Virtual Guest to attempt better learning steps. working to order logic zlib 1st openssl 2nd and openssh 3rd to raw compile. – BIG on my List to Wana Know is make clean and or “Re- runs to recompile and know I can remove my previous attempt to compile files and Start again. So when finally click with the right commandline and resources the end result will not be bloated scrap files around my system. ?

possibly only caveat I may ask of – is For what Starting Directory should this Process be started from – if existing ssh version is already installed – i.e: in one form where should could the openssh*.tar.gz “tarball” go to work this – ~/username/temp dir or /tmp system directory and apt-get Newest Version of openssh and have it be downloaded and gunzip’d there ?